2f860c44a54cff6d23bcc2ab0982fc99949be29df315a0f1d32ee496ac9c30b8

Analysis

max time kernel
93s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 07:00

Target

9916a9c18da2616da0ca342849d177f0_NeikiAnalytics.dll
Size

7.2MB
MD5

9916a9c18da2616da0ca342849d177f0
SHA1

cc61396a100899f0e0f67423c00807bc3750d489
SHA256

2f860c44a54cff6d23bcc2ab0982fc99949be29df315a0f1d32ee496ac9c30b8
SHA512

2aafb85a6213b21e4bee738e1415223fb5cb3c92e775af6a95823434b8e7966481b4a32edd8b2c57e64709314949b8916dd7170afc90c49f39c8c30a95ac8706
SSDEEP

196608:D+8oALFNITikeHHTsj9KqCY1PvIsI7JrD5k:D+9ALNlHI4NY1kk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 396	3524	rundll32.exe	82
PID 3524 wrote to memory of 396	3524	rundll32.exe	82
PID 3524 wrote to memory of 396	3524	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9916a9c18da2616da0ca342849d177f0_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9916a9c18da2616da0ca342849d177f0_NeikiAnalytics.dll,#1
  2⤵
  PID:396